Application Serial No.: 10/501,302 
Amendment in Response to Office Action datec 
Amendment Date: October 1, 2008 

AMENDMENTS TO THE CLAIMS 

This listing of claims replaces all prior versions and listings of claims in the application: 

1 . (Previously Presented) A computer system for providing security awareness in an 
organization, comprising: 

a memory means, constituted by a hard disk or Random Access Memory device, 
a central processor unit connected to said memory means, 

an input device, constiluL • : -mu-. . . . . ir wd to sail . al 

processor unit, for the input of a piece of security information into said computer system. 

an output device, constituted by a printer or display device, connected to said central 
processor unit for the output of security inform a- . 

a policy module communicating with said input device and said memory means for the 
conversion of said piece of security information into an information security object (ISO) stored 
in said memory means, and 

a surv ey module communicating with said memory means and said output means for 
generating from said ISO an element of a questionnaire to be output by means of said output 
device; 

wherein said ISO contains content categorized as object category, object descriptor, 
object content, content category, and target group. 

2. (Previously Presented) The computer system according to claim 1 , further 
comprising an educational module communicating with said memory means for receiving 
through said input dc\ ice ^ ; -..id questionnaire and for comparing said set of 
answers of said questionnaire with said ISO for determining the correct and the incorrect 
answers, and generating, based on said incorrect answers, an educational program to be output 
by means of said output device. 

3. (Original) The computer system according to claim 2, said set of answers being 
stored in said memory meam 
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4. (Previously Presented) The computer system according to any of claims 1 -3, said 
memory means being organized as a database. 

5. (Previously Presented) The computer system according to any of claims 1-3, said 
computer system constituting a sta . one conr . • ively a computer system 
including a network and a plural ity of personal computers each including an input device and an 
output device to be operated by a respective user, 

6. (Previously Presented) The computer system according to any of claims 1-3, 
wherein said central processor unit controls in said conversion of said piece of said security 

information into said ISO, and said policy module checks in said memory means for a 
corresponding ISO. 

7. (Previously Presented) A method of providing security awareness in an 
organization, comprising: 

receiving a piece of security information, 

modularising said piece of security information to create an information seen,- - - ec 

(ISO), 

storing said ISO in a memory means, said ISO being generated in a policy module, 
generating in a survey module an element of a questionnaire from said ISO, and 
outputting said questionnaire including said element; 

> ■ ei ein said ISO contains content categorized as object category, object descriptor, 
object content, content category, and target group. 

8. (Previously Presented) The method according to claim 7, further comprising the 
computer system according to any of claims 3-3. 

9. (Currently Amended) A computer system for providing security awareness in an 
organization, comprising: 

a memory means coupled to a central processor unit; 



3 



Application Serial No.: 10/501,302 
Amendment in Response lo < 1 1 
Amendment Date: Octobei I :< • 

an input device coupled to said central processor unit for receiving security information 
into said computer system; 

an output device coupled to said central processor unit for outputiing security 
information; and 

an information security objee 1 ISO) stoi . . ^u, i _ ai , v J>' , : Jiug 

modular content derived from said security information and having a unique identifier and 
security level value, said unique identifier used to link said ISO to an organization and said 
security level value used to creat e ->e ci < \ \ ic Hid i ng the ISO which matches a u- - aut t 
security level value of the organisation; and 

a survey module communicating with said memory means and said output means for 
generating from said ISO an element of a questionnaire to be output by means of said output 
device ; 

wherein said modular content includes an object category, an object descriptor, an object 

content, a content category, and a target group. 

10, (Cancelled) 

1 1 . (Currently Amended) A method of providing security awareness in an 
organization, comprising: 

receiving security information; 

modularising the security information to create an information security object (ISO); 
assigning a security level value to said ISO; and 

compiling said inform,: ' - ■ \- - - ' ty policy including other ISOs 

having the same security level value ; and 

generating in a survey module an element of a questionnaire from said ISO ; 

wherein said ISO contains content categorized as object category, object descriptor, 
object content, content category, and target group. 
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